Noxon Audio

The Noxon Audio is a simple wireless music player. It implements the following UPnP A/V profiles:

The wireless connection supports only WEP or passwordless networks, so it is unlikely it will be encountered much. It has been replaced by the Noxon Audio 2.

Noxon Audio quirks

There is no correspondence between the mute button on the remote and the (un)mute functionality that is offered through UPnP.

Audio spamming with the Noxon Audio

One of the SOAP actions that is implemented by th Noxon Audio is SetAVTransportURI with which you can set the variable NextAVTransportURI, which is defined in the UPnP MediaRenderer/MediaServer 1.0 specifications as "AVTransportURI value to be played when the playback of the current AVTransportURI finishes".

In the case of the Noxon Audio as soon as you set it and force it to go to the next track, it will start playing from the new URI, even if this is a non-LAN URI. So you can force the device to play content that a user does not want to hear, such as audio spam or propaganda.

The requester does not even have to be on the local network. If some malware could first make a portforward to the UPnP control port on the Noxon Audio (through UPnP of course!) the attack can be almost completely remote.

© 2006-2011, Armijn Hemel/upnp-hacks.org